> > > Hi,> > > > It is very easy to crash a system simply by viewing a large file with> > > > editor such as pico. It will eat up all the resources and do some> > > > unpredictible things. In my case I viewed a 100mb file as it was reading> > > > it, it filled up all the swap space which is 48mb. It killed most of the> > > > processes including sendmail, sshd, X, syslog. Does anyone have any idea> > > > how can i protect myself against that kind of DoS? My configuration:> > > > P100, 48mb ram, 48mb swap running on kernel 2.2.2.> > > You need to set user resource limits. This isn't a kernel problem. See> > > the "ulimit" command if you use bash. Other shells probably use a different> > > command.> > As a side note, the new versions of the linux shadow suite> > support the /etc/limits command to force limits on users, and I> > believe the RedHat PAM package has a similiar option..> I already thought of it and I think that linux _should_ be more protected> against such kind of attacks. A simple solution: If there's no swap space,> the kernel should count which user is taking most memory and kill some his> processes; not just kill the first process that actually wants memory over> limit.

Would you like it if you were that user and the kernel decided to killsome of your processes ? I'm sure I wouldn't :)

Also, I thought the process that requests the over-the-limit memory isn't'killed'. Surely the memory allocation routine fails. Making the userprogram take action.